Category: 3. Business

A solvent-free ball-milling process can break down waste polystyrene into benzene and aliphatic hydrocarbons in as little as 15 min (Angew. Chem., Int. Ed. 2025, DOI: 10.1002/anie.202512687). By also including benzoic anhydride in the reaction vessel, Junpeng Wang and his team at the University of Akron converted the freshly generated benzene directly to benzophenone, creating a one-pot method to valorize consumer waste into a useful chemical feedstock.

Polystyrene is one of the most recognizable and widely used plastics, with applications as diverse as packaging, construction, and medical equipment. However, the high cost of current recycling processes, combined with the low value of recovered material, means polystyrene is also one of the world’s least recycled plastics. In Spain, for example, 80% ends up in landfills and the remainder is incinerated.

Meanwhile, mechanochemistry, which drives chemical reactions by stimulating reactants via mechanical forces, is an inherently cost- and energy-efficient method. This simple process has already attracted interest as a strategy to handle plastic waste, including per- and polyfluoroalkyl substances (PFAS) and polyethylene. But rather than destroying or depolymerizing the plastic, Wang’s team focused on degrading polystyrene into simple benzene units, which they upcycled into valuable commodity chemicals.

The researchers began by grinding plastic pellets with an aluminum trichloride catalyst in a six-ball mill, driving a reaction known as a Friedel-Crafts dealkylation to form benzene and long-chain aliphatic hydrocarbons. Within 15 min, the reaction had degraded more than 90% of the starting polystyrene, a substantial time and energy savings compared with previous recycling methods.

With a route to benzene in hand, the team next explored coupling this degradation process with a second mechanochemical reaction, settling on a Friedel-Crafts acylation to generate benzophenone. The shared aluminum trichloride catalyst makes this sequence ideally suited to a one-pot procedure, and after an initial degradation period, benzoic anhydride was added directly to the ball mill and milled for a further 3 h. Initial iterations of the combined process produced a disappointing 11% yield, significantly less than the steps in isolation, but troubleshooting experiments quickly identified the cause of these low yields.

The heat generated by the milling process was sufficient to evaporate a substantial quantity of the benzene recovered from the polystyrene, leaving little available to react in the second step. Sealing the grinding apparatus with parafilm and incorporating a supramolecular trap to retain this volatile substrate immediately boosted the yield to 39%. Subsequent tests with real postconsumer waste—including Styrofoam boxes, spoons, and cups—produced even higher yields of benzophenone, demonstrating that the process is also compatible with typical plastic additives and contaminants.

Duncan Browne, a mechanochemist at University College London, found this an intriguing approach to polystyrene waste but suspects the volatility of benzene may make this process challenging to scale. “The key is that you want to know how much heat is generated from this process, and that’s something you would need to get a handle on before you go to too large a scale,” he says. “You’d need a chemical engineer to help you calculate those numbers and understand if you can do this safely [and] competitively with the current best practice.”

Despite this practical reservation, Browne believes this is nonetheless a significant finding. “Valorization is inherently sustainable, and mechanochemistry is also sustainable. So you’re almost amplifying sustainability by bringing these ideas together,” he says. “It’s a really nice demonstration of the potential of mechanochemistry as a solution to this type of high-impact problem.”

Bloomberg/Getty

In a move to further bolster data privacy, China’s State Administration for Market Regulation and the Standardization Administration of China jointly issued a national standard, GB/T 45574-2025, Data Security Technology – Security Requirements for Processing of Sensitive Personal Information (the Standard), effective as of November 1, 2025. Serving as a detailed and practical extension of the Personal Information Protection Law with respect to the processing of sensitive personal information, the Standard translates high-level statutory principles into operational requirements, offering clear expectations across industries.

As a nonmandatory (recommended) standard, the Standard refines the definition and scope of sensitive personal information, clarifies protection requirements, and offers detailed operational guidance for organizations handling sensitive personal information within China.

Notably, the Standard introduces significant changes to what constitutes “sensitive personal information” compared with the previous 2020 national standard (GB/T 35273-2020). Specifically, it removes certain categories—such as identity card numbers, marital status, deposit information, real estate information, transaction records, and consumption records—from the sensitive personal information list, retaining only resident ID photos and personal income details among previously listed items.

Simultaneously, it introduces a more nuanced approach by distinguishing between rough location information and precise/continuous tracking data. Furthermore, not all health-related data is deemed sensitive; basic metrics such as weight, height, blood type, and blood pressure are excluded unless tied to medical conditions.

That said, as the Standard is a recommended guideline, its enforcement may vary and individual branches of the Cyberspace Administration of China (CAC) may retain discretion in interpreting its provisions or maintaining their own internal standards for sensitive personal information.

Furthermore, despite these removals, the Standard maintains a risk-based approach: information can still be classified as sensitive if its leakage or misuse could harm an individual’s dignity, safety, or financial security, or if the aggregation of seemingly nonsensitive data poses such risks. This framework emphasizes contextual risk assessment over rigid categorization.

The Standard also outlines strict prerequisites for data collection, enhanced notification duties, granular consent mechanisms, and comprehensive security measures, providing a practical extension of China’s PIPL. While nonbinding, the Standard is expected to influence regulatory interpretations and serve as a key benchmark for companies aiming to demonstrate compliance with China’s evolving data protection regime.

IDENTIFICATION OF SENSITIVE PERSONAL INFORMATION

The Standard reiterates and elaborates on the definition of “sensitive personal information,” which includes information that, if leaked or misused, could infringe on a natural person’s dignity or endanger their personal or property safety. Categories include:

• Biometric information
• Religious beliefs
• Specific identities
• Medical and health information
• Financial account information
• Location and tracking information
• Personal information of children under 14
• Other sensitive personal information with high risk upon misuse

However, compared with the previous national standard, the Personal Information Security Specification (GB/T 35273-2020) issued in 2020 (the 2020 Specification), the new Standard (GB/T 45574-2025) introduces the following changes with respect to the scope of sensitive personal information:

• Identity card number is removed. The 2020 Specification explicitly classified identity card numbers as sensitive personal information, whereas the new Standard removes this category and only includes resident ID photos.
• Marital status is removed. Marital status was clearly listed as sensitive personal information in the 2020 Specification, but has since been removed per the new Standard.
• Deposit information, real estate information, transaction records, and consumption records are removed. While the 2020 Specification categorized these types of information as sensitive personal information, the new Standard no longer includes them, and retains only personal income details as sensitive.
• Rough location information is distinguished from precise and continuous tracking information. The 2020 Specification treated general location tracking information as sensitive personal information. In contrast, the new Standard limits the scope to continuous and precise positioning trajectory information, vehicle driving trajectory information, and continuous activity trajectory information of individuals. Additionally, the Standard explicitly excludes location and tracking data generated by certain professions—such as food delivery and courier services—when such data is used solely for fulfilling service obligations.
• Not all health-related information is considered sensitive. The Standard specifies that basic physical information—such as weight, height, blood type, blood pressure, and lung capacity—is not considered sensitive personal information if it is not related to a person’s illness or medical treatment.

Ultimately, the Standard is a nonbinding (recommended) national guideline and its actual enforcement effect remains to be seen. While the Standard removes sensitive classification for identity card numbers, marital status, deposit information, real estate information, transaction records, and consumption records, it is not clear how local branches of the CAC will interpret and treat such information in practice. Interpretation and enforcement may vary depending on the discretion of individual branches. Companies should be cautious and seek consultation in practice.

CRITERIA TO IDENTIFY SENSITIVE PERSONAL INFORMATION

Despite the above information being generally removed from the Standard, it would still qualify as sensitive personal information if it satisfies the following identification criteria under the multilayered framework outlined by the Standard:

• Information shall be classified as sensitive if it meets any of the following conditions:
  1. If leaked or misused, it is likely to infringe upon the dignity of the individual. For example, doxxing, unauthorized access to online accounts, telecom fraud, reputational harm, or discriminatory treatment based on attributes such as identity, religion, sexual orientation, or health status.
  2. If leaked or misused, it is likely to endanger the personal safety of the individual. For example, the disclosure of location and tracking data may pose physical safety risks.
  3. If leaked or misused, it is likely to compromise the financial security of the individual. For example, exposure of financial account information may result in monetary loss.
• It should be considered not only standalone data items but also the aggregation of multiple general personal data points. If the combined dataset, when leaked or misused, could result in risks described in (a), it should be treated as sensitive personal information.
• Any personal information defined as sensitive under applicable laws or regulations must be recognized as such.

This recognition framework emphasizes a risk-based approach, requiring the personal information handlers to proactively assess the potential impact of data processing on individuals’ rights and interests. It also reflects a growing trend in Chinese regulatory practice to focus not only on the nature of data, but also on the context of its use and potential harm.

PRECONDITIONS FOR COLLECTION OF SENSITIVE PERSONAL INFORMATION

According to the Standard, before collecting sensitive personal information, personal information handlers must comply with a set of legal and ethical prerequisites aimed at ensuring transparency, legitimacy, and necessity. The main requirements are outlined as follows:

• No collection of sensitive personal information if general personal information suffices. If the processing purpose can be achieved using nonsensitive data, sensitive personal information must not be collected.
• Collection must be limited to active use periods. Sensitive personal information should only be collected during the period when the data subject is actively using the specific business function that requires it.
• Collection must be function- or scenario-specific. Sensitive personal information must be collected on a per-function or per-business-scenario basis, avoiding unnecessary bundling of data.
• App-based collection must comply with national requirements. Where sensitive personal information is collected via mobile applications, the practice must comply with GB/T 41391, another of China’s (recommended) standards for app-based personal information collection.
• No concealment of data collection functionalities. Products or services that involve sensitive personal information collection must clearly disclose, typically through privacy policies or similar notices, the types, scope, purpose, necessity, and potential impact on individuals’ rights.
• No unauthorized technical scraping. The use of automated tools (e.g., scripts or bots) to extract sensitive personal information from websites, applications, or transmitted content is not permitted.

STRINGENT NOTIFICATION REQUIREMENTS

Before collecting sensitive personal information, personal information handlers shall provide clear and proactive notification to individuals. Under the Standard, obligations include but are not limited to:

• Personal information handlers must use distinguishable methods such as pop-up windows, SMS, input forms, animations, redirected prompt pages, or voice prompts to notify individuals before collecting sensitive personal information. These mechanisms must ensure the individual’s attention and informed understanding.
• Where sensitive personal information is continuously collected (e.g., during app usage involving real-time recording, tracking, or monitoring), personal information handlers should implement persistent or periodic notification mechanisms. For example, in navigation services that continuously collect a data subject’s geolocation information, the individual should be reminded that their location is being collected through means such as floating windows, pop-up messages, voice prompts, device vibrations, or status bar icons.

This notification framework emphasizes transparency and user awareness, aiming to mitigate risks associated with covert or insufficient disclosure and uphold individuals’ right to be informed.

REFINED REQUIREMENTS FOR CONSENT

The Standard provides further granularity regarding the conditions and implementation of separate consent, written consent, and the withdrawal of consent by individuals. These refinements serve to operationalize the consent-related requirements under the PIPL and ensure that consent is not only lawfully obtained but also specific, informed, and revocable.

Separate Consent

The Standard provides that separate consent means that, when processing sensitive personal information, personal information handlers shall not obtain consent in combination with that for general personal information. Key provisions include:

• Where a single type of sensitive personal information is used for multiple processing purposes or business functions, the handler shall not obtain bundled consent.
• Where multiple sensitive personal information processing activities are involved, personal information handlers shall provide the personal information subject with a separate consent mechanism for each processing purpose or business function.
• When processing publicly available sensitive personal information, if the handler’s assessment concludes that such processing may have a significant impact on individual rights and interests, the handler shall obtain the separate consent of the individual.

With regard to the means to obtain separate consent, the Standard provides that separate consent may be obtained through the personal information subject’s active submission or by informing the individual through dedicated interfaces, such as separate pages, telephone, or SMS, followed by affirmative actions such as clicking, option selection, or form completion.

Written Consent

The Standard dictates that, unless laws or regulations expressly provide otherwise, the processing of sensitive personal information shall require the written consent of the personal information subject:

• Written consent may be obtained by the personal information handler through a tangible expression of the content, such as paper documents or digital communications, and the personal information subject shall provide consent through active signature, seal, or electronic signature, among other means.
• Scenarios requiring written consent include but are not limited to the collection of human genetic resources, inquiries into personal information made to credit reporting agencies, the provision of credit information by financial institutions to other entities, and the disclosure of real estate transaction-related information in the course of using real estate brokerage services.

The Withdrawal of Consent

Where sensitive personal information is processed based on individual consent, the personal information handler shall provide the personal information subject with a convenient means to withdraw consent, and is also encouraged to inform the personal information subject of the potential impact that withdrawal of consent may have on them.

SPECIFIC SECURITY MEASURES

In addition to the provisions outlined above, the Standard includes a wide range of detailed requirements for personal information handlers in the protection of sensitive personal information.

These requirements, while operational in nature, reflect the growing expectation for granular compliance throughout the sensitive personal information processing. They include, but are not limited to, the following:

• The personal information handler shall identify sensitive personal information prior to processing, classify it accordingly, and establish a sensitive personal information catalog, which shall be updated in a timely manner.
• After de-identification, sensitive personal information shall be protected as general personal information, except for information that has been anonymized. When sensitive personal information is displayed in products or internal systems, the personal information handler shall apply de-identification by default.
• The personal information handler shall conduct a personal information protection impact assessment before launching any new application that involves the processing of sensitive personal information, and the assessment report shall be retained for three years.
• The personal information handler shall record the processing and operations of sensitive personal information, and log records shall be retained for three years.
• The personal information handler is advised to evaluate the effectiveness of the deletion or anonymization of sensitive personal information. Sensitive personal information that has been deleted or anonymized shall not be capable of being restored.
• The personal information handler shall conduct security audits of sensitive personal information processing logs and user access permissions at least once per month and shall promptly address any improper authorizations or operations.
• The personal information handler shall establish a mechanism for the deletion of sensitive personal information and shall provide the personal information subject with convenient means to delete their sensitive personal information. Where the retention of such information is required by laws or administrative regulations, the personal information handler shall promptly delete or anonymize it upon expiration. It is worth noting that the Standard defines “expiration” to include the following circumstances:
  • The processing purpose has been achieved, cannot be achieved, or is no longer necessary to achieve the processing purpose
  • The personal information handler has ceased to provide the relevant product or service, or the retention period has expired
  • The individual has withdrawn their consent
  • The personal information handler has violated laws or administrative regulations or has processed personal information in breach of agreed terms
  • The statutory retention period prescribed by laws or administrative regulations has expired, among other circumstances
• For personal information handlers that process sensitive personal information of more than 100,000 individuals, the Standard stipulates that the following requirements must be met:
  • A personal information protection officer and management body shall be designated to supervise personal information processing activities and the implementation of corresponding protection measures
  • The personal information protection officer shall possess professional knowledge of personal information protection and relevant management experience and shall be a member of the handler’s management team
  • Security background checks shall be conducted on the personal information protection officer and personnel in key positions
  • In circumstances such as mergers, divisions, dissolution, or bankruptcy that may affect the security of sensitive personal information, a disposal plan for sensitive personal information shall be developed, and appropriate measures shall be taken to ensure its security

Finally, the Standard sets out specific security requirements that must be separately complied with for biometric information, religious belief information, medical and health information, financial account information, location and tracking information, and personal information of individuals under the age of 14.

CONCLUSION

While GB/T 45574-2025 is a recommended national Standard and not legally binding, it serves as a detailed and practical extension of the PIPL with respect to the processing of sensitive personal information. The Standard translates high-level statutory principles into operational requirements, offering clear expectations across industries.

The CAC and other regulatory authorities may from time to time conduct random inspections of companies’ personal information protection practices. Based on our experience, the principles and safeguards outlined in this Standard could offer valuable guidance for demonstrating good-faith compliance with the PIPL and related regulations.

In support of the Presidential AI Challenge, Amazon will offer up to $200,000 total in AWS credits to challenge-winning school districts, $1.5 million in cash prizes to challenge-winning students, and technical guidance for educators who are supporting student teams with their AI solutions. We will also enable educator access to PartyRock, an Amazon Bedrock Playground to build AI-generated apps.

Jaguar Land Rover (JLR) has instructed factory staff to stay at home until at least Tuesday as the company continues to grapple with the fallout from a cyber attack.

The attack at the weekend forced the company to take vital IT systems offline, which has affected car sales and production.

Production remains halted at car factories in Halewood on Merseyside and Solihull in the West Midlands, as well as at its engine manufacturing centre in Wolverhampton.

The situation remains under review and output could remain suspended for longer.

Car sales have also been heavily disrupted, although the BBC understands some transactions have been able to take place.

The company, which is owned by India’s Tata Motors, shut down its systems on Sunday in order to limit potential damage from the cyber attack.

It is now working to restore them in a controlled manner, but this is understood to be a highly complex process. It is also introducing work-arounds for systems that remain offline.

The disruption extends well beyond JLR’s own production lines, with its network of parts suppliers also forced to restrict their operations. Some have complained of a lack of transparency from the company.

On Wednesday a hacker group which was also responsible for a highly damaging attack on Marks and Spencer earlier in the year said it had infiltrated JLR’s systems.

The group of young English-speaking hackers – who are thought to be teens calling themselves “Scattered Lapsus$ Hunters” – told the BBC how they allegedly accessed the car maker but have not revealed if they successfully stole private data from JLR or installed malicious software onto the company’s network.

The group posted two images, which showed apparent internal instructions for troubleshooting a car charging issue and internal computer logs.

A security expert said those screenshots suggested the group had access to information they should not have.

JLR says it is investigating the hack, but there is no evidence at this stage any customer data has been stolen.

In 2023, as part of an effort to “accelerate digital transformation across its business”, JLR signed a five-year, £800m deal with corporate stablemate Tata Consultancy Services to provide cybersecurity and a range of other IT services.

The halt in production is a fresh blow to the firm which recently revealed a slump in profits attributed to an increase in costs caused by US tariffs.

PROVIDENCE, R.I. [Brown University] — It doesn’t take an expert photographer to know that the steadier the camera, the sharper the shot. But that conventional wisdom isn’t always true, according to new research led by Brown University engineers. 

The researchers showed that, with the help of a clever algorithm, a camera in motion can produce higher-resolution images than a camera held completely still. The new image processing technique could enable gigapixel-quality images from run-of-the-mill camera hardware, as well as sharper imaging for scientific or archival photography. 

“We all know that when you shake a camera, you get a blurry picture,” said Pedro Felzenszwalb, a professor of engineering and computer science at Brown. “But what we show is that an image captured by a moving camera actually contains additional information that we can use to increase image resolution.”

The study was presented recently at the International Conference on Computational Photography and is posted on arXiv. 

Digital cameras produce images by averaging the intensity of light over an array of pixels — tiny squares arranged in a grid. This sets a resolution limit: details smaller than a single pixel get smeared out across the pixel rather than precisely located within it. That causes sub-pixel details to be blurred. 

The technique developed by Felzenszwalb and his team uses camera motion to produce sub-pixel resolution. When the camera moves, small points of light leave tracks that cross multiple pixels. The team’s algorithm uses those tracks as extra information to pinpoint exactly where fine details must have been, reconstructing them on a finer grid. The result is a super-resolution image with detail sharper than the original pixel array allows.

For the study, the researchers tested the technique by mounting a conventional camera to a moving stage, which enabled them to test their techniques in various movement scenarios. In some cases, the team took multiple photos while moving the camera slightly between exposures, then used their algorithm to construct a single image from the multiple shots captured by the camera between movements. In other cases, the team moved the camera during each exposure and reconstructed a higher-resolution image from a single motion-blurred shot. 

In both cases, the team showed that their algorithm could harness the camera motion to produce images with far higher resolution than would be possible without the motion. 

“There was some prior theoretical work that suggested this shouldn’t be possible,” Felzenszwalb said. “But we show that there were a few assumptions in those earlier theories that turned out not to be true. And so this is a proof of concept that we really can recover more information by using motion.”

The researchers envision plenty of potential applications for their technique. A moving stage setup like the one used for the experiments could be used for super-resolution archival photography of artworks or artifacts, the researchers say. The technique could also be useful for photography from moving aircraft. 

The team also sees a possibility for the algorithm to one day run on commercially available cameras. 

“There are existing systems that cameras use to take motion blur out of photos,” Felzenszwalb said. “But no one has tried to use that to actually increase resolution. We show that’s something you could definitely do.” 

The team plans to continue developing their technique and look for industry partners to make it available to the public in the coming years. 

Amid growing concerns about how children and teens engage with AI chatbots, including a tragic suicide reportedly linked back to a teen’s use of ChatGPT, OpenAI announced plans to roll out parental controls later in September. According to the company, these tools will allow parents to set usage limits and get notifications if the chatbot detects “acute distress.” 

Experts in artificial intelligence (AI) and child psychology at Virginia Tech view this more as progress, but caution that it might not be enough to prevent harm.

“The legal responsibility of these platforms is going to be a major issue moving forward,” said Cayce Myers, professor in the School of Communication. “Parental notification and control is a step in the direction toward reigning in the excesses of AI, but ultimate control over the platforms is more complex. It involves programming, user self-regulation, and access issues for vulnerable populations.”

Myers emphasized that AI is complex and unpredictable and regulation goes beyond traditional media oversight. 

“As these platforms become more humanlike in their interactions, they can create complex relationships with users,” Myers said. “While this ability improves user experience and can actually help those who face social isolation and loneliness, it can also go awry, exacerbating mental health issues.”

While parental control over media has been a national conversation since the 1990s, AI use among youth is still relatively new territory.

“We don’t know a lot about the protective and risk factors associated with ChatGPT or other chatbots,” said Rosanna Breaux, a child psychologist and director of the Child Study Center. “But we do have strong evidence that parental monitoring is beneficial for children’s media use.”

Breaux said this oversight is linked to better academic performance and social functioning, largely due to reduced screen time and limited exposure to violent or negative content.

“We can expect similar benefits when parents are aware of how often and in what ways their children are using AI,” she said.

However, Breaux pointed out that parental oversight of adolescent internet use tends to be low and media restrictions alone do not necessarily curb problematic behavior.

“Notifications triggered by distressing, violent, or other potentially problematic content could help enforce oversight without parents needing to directly restrict use of AI,” she said. “But this should also be coupled with strategies like offering mental health resources when there are concerning searches.”

Beyond monitoring of media use, Breaux recommends several approaches for parents to help reduce the risk of mental health crisis and suicide in children and teens

• Model healthy habits and mental health awareness: Take care of your own mental health and share coping strategies. Don’t be afraid to talk to your child about emotions, even with young children, and don’t be afraid to talk about suicide. These conversations won’t increase risk but can open the dialog for future conversations, if they do need help.

• Normalize seeking support: Don’t stigmatize or judge if your child wants to seek out therapy. Encourage it as a way to manage stress or life transitions. Look for books and apps that encourage healthy coping, such as mindfulness exercises, to be used proactively.

• Monitor your child: Look for major changes in mood or behavior, such as not enjoying things they used to, withdrawing or isolating themselves, being more irritable, shifts in appetite, shifts in sleep, lack of energy or motivation.

About Myers

Cayce Myers is a professor of public relations and director of graduate studies at the School of Communication at Virginia Tech. His work focuses on media history, political communication, and laws that affect public relations practice. He is the author of “Artificial Intelligence and Law in the Communication Professions,” “Profession and Money in Politics: Campaign Fundraising in the 2020 Presidential Election,” and “Campaigns Inc.” 

About Breaux

Rosanna Breaux is an associate professor in the Department of Psychology and is the director of the Child Study Center, as well as the CALMER (Coping skills and Learning to Manage Emotions Readily) Lab. Her research focuses on the social-emotional and academic functioning of children and adolescents, self-regulation, and understanding the role of parents in shaping children and adolescents’ social-emotional development.

Interview

To schedule an interview, contact Margaret Ashburn at mkashburn@vt.edu or 540-529-0814.